Microsoft Confirms PowerPoint Zero-Day Attack
Microsoft Word had a zero-day bug, then Excel, now its PowerPoint. Really gives you confidence in Microsoft’s “Security Initiative,” huh?
“The latest attack exploits a previously undocumented flaw in Microsoft PowerPoint, the ubiquitous presentation program used by millions of users around the world. The attack comes just days after Microsoft’s July Patch Tuesday and closely mirrors the situation in June when a zero-day Excel attack was discovered 24 hours after Patch Day. Virus hunters at Symantec linked the zero-day attack to a Trojan horse program called Trojan.PPDropper.B that arrives via e-mail from a Gmail address. The subject line of the mail and the .ppt file-name are in Chinese characters, suggesting that the attacks are emanating fromâ€”and attacking targetsâ€”in the Far East. If the PowerPoint attachment is opened, the Trojan drops and executes a variant of Backdoor.Bifrose.E, a keystroke logger that is used to steal sensitive information and send it back to a remote server controlled by malicious hackers.”